search

veliovgroup / Meteor-Files

🚀 Upload files via DDP or HTTP to ☄️ Meteor server FS, AWS, GridFS, DropBox or Google Drive. Fast, secure and robust.
https://packosphere.com/ostrio/files
BSD 3-Clause "New" or "Revised" License
1.11k stars 166 forks source link

Get user ip on upload #869

Closed Kaczkazniszczenia closed 1 year ago

Kaczkazniszczenia commented 1 year ago

I'm having difficulties in finding any info on how i can get connection info at server side (IP to be specific) on user who is sending file to server. Can someone point me to right page or right way to do it ? Big thanks in advance.

jankapunkt commented 1 year ago

I think the Meteor._lastSessionId value is stored in the x-mtok cookie, which you can use to get the connection from Meteor.connection or Meteor.server (I'm not 100% sure which one of both you have to look into).

dr-dimitru commented 1 year ago

how i can get connection info at server side

@Kaczkazniszczenia please elaborate what hook/callback you're talking about, and what exactly are you trying to accomplish?

dr-dimitru commented 1 year ago

@Kaczkazniszczenia post your code as well, let's speak code please

Kaczkazniszczenia commented 1 year ago 
const Files = new FileCollection({
  collectionName: 'files',
  allowClientCode: false,
 ...
  onAfterUpload: function (file) {
    const userId = this.userId; // not important for example
    const userIp = this.connection?.clientAddress; <--- example of what i need
    console.log(`uploaded by user:${userId} from ${userIp}`);
    return createAfterUpdate(imageBucket).call(this, file);
  },
  onAfterRemove: function (file) {
    const userId = this.userId; // not important for example
    const userIp = this.connection?.clientAddress <---- example of what i need
    console.log(`Removed by user:${userId} from ${userIp}`);
  }
});

@dr-dimitru My main objectives are to get info on users ( IP is a must ) who are uploading and removing files, so i imagine onAfterUpload and onAfterRemove would be perfect place to log their actions. While we are at it, it would be nice to have user connection info on all hooks (onBeforeUpload, protected, ...).

This is just an example and I will be happy and grateful as long as there is secure way to get user IP, somewhere in pipeline while uploading,

I think the Meteor._lastSessionId value is stored in the x-mtok cookie, which you can use to get the connection from Meteor.connection or Meteor.server (I'm not 100% sure which one of both you have to look into).

@jankapunkt Might get messy/not secure if users start logging on multiple computers or do something malicious. Anyway this is a fine idea i'm sure to explore if i wont be able to get/put connection info in to FileCollection methods. Big thx.

edited formmating

dr-dimitru commented 1 year ago

@Kaczkazniszczenia onAfterUpload and onAfterRemove and other hooks/callbacks are state-less by nature. I recommend to:

  1. use .onLogin to fetch user's current session and IP
  2. Update user's object with up-do date details
  3. Find user's object in Meteor-File's hooks/callback and use user's details as needed
dr-dimitru commented 1 year ago

@Kaczkazniszczenia have you figured it out?

Kaczkazniszczenia commented 1 year ago

Still working on it, but I decided to create token before file upload and place them inside file meta. On server side token will be matched with session info allowing me to fetch it after upload.

@dr-dimitru would you like me to put my code here after I'm done ?

Kaczkazniszczenia commented 1 year ago

Thanks for help.

dr-dimitru commented 1 year ago

@Kaczkazniszczenia not sure how token related to obtaining user's IP from you original question. Please share code, I'm curious